CVE-2025-1568 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelines by insufficient access controls and misconfigurations in Gerrit's project.config.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Chrome Os	16063.87.0

Related Weaknesses (CWE)

CWE-284

References

https://issues.chromium.org/issues/b/374279912Broken Link
https://issuetracker.google.com/issues/374279912Issue TrackingMailing List

FAQ

What is CVE-2025-1568?

CVE-2025-1568 is a vulnerability with a CVSS score of 8.8 (HIGH). Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS project...

How severe is CVE-2025-1568?

CVE-2025-1568 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-1568?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome Os.